def test_update_domains_custom_fields(self, access_token_first, user_first,
domain_custom_fields):
"""
Test: Update domain custom fields
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
# Update all of domain's custom fields
data = {
'custom_fields': [{
'id': domain_custom_fields[0].id,
'name': str(uuid.uuid4())[:5]
}, {
'id': domain_custom_fields[1].id,
'name': str(uuid.uuid4())[:5]
}]
}
update_resp = send_request('put', self.CFS_URL, access_token_first,
data)
print response_info(update_resp)
assert update_resp.status_code == requests.codes.OK
created_cfs = update_resp.json()['custom_fields']
domain_cf_ids = [cf.id for cf in domain_custom_fields]
assert len(created_cfs) == len(data['custom_fields'])
assert len([
cf['id'] for cf in created_cfs if cf['id'] in domain_cf_ids
]) == len(data['custom_fields'])
def test_update_domain_aoi(self, access_token_first, user_first,
domain_aois):
"""
Test: Update domain's area of interest's description by providing aoi ID via the url
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
aoi_id = domain_aois[0].id
update_data = {
"areas_of_interest": [{
"description": str(uuid.uuid4())[:5]
}]
}
# Update area of interest's description
update_resp = send_request(self.METHOD, AOI_URL % aoi_id,
access_token_first, update_data)
print response_info(update_resp)
assert update_resp.status_code == requests.codes.OK
assert update_resp.json()['areas_of_interest'][0]['id'] == aoi_id
# Retrieve area of interest & assert its description has been updated
get_resp = send_request('get', AOI_URL % aoi_id, access_token_first)
print response_info(get_resp)
assert get_resp.status_code == requests.codes.OK
assert get_resp.json(
)['area_of_interest']['description'] == update_data[
'areas_of_interest'][0]['description']
def test_update_custom_field_by_id(self, user_first, access_token_first,
domain_custom_fields):
"""
Test: Update domain custom field by ID
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
custom_field_id = domain_custom_fields[0].id
# Update custom field by id
data = {
'custom_field': {
'id': domain_custom_fields[0].id,
'name': str(uuid.uuid4())[:5]
}
}
update_resp = send_request('put', self.CF_URL % custom_field_id,
access_token_first, data)
print response_info(update_resp)
assert update_resp.status_code == requests.codes.OK
assert update_resp.json()['custom_field']['id'] == custom_field_id
# Retrieve custom field and assert on its updated name
get_resp = send_request('get', self.CF_URL % custom_field_id,
access_token_first)
print response_info(get_resp)
assert get_resp.status_code == requests.codes.OK
assert get_resp.json(
)['custom_field']['name'] != domain_custom_fields[0].name
assert get_resp.json(
)['custom_field']['name'] == data['custom_field']['name']
def test_update_domain_aois(self, access_token_first, user_first,
domain_aois):
"""
Test: Update domain's areas of interest in bulk
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
aoi_1_id, aoi_2_id = domain_aois[0].id, domain_aois[1].id
update_data = {
'areas_of_interest': [{
"id": aoi_1_id,
"description": str(uuid.uuid4())[:5]
}, {
"id": aoi_2_id,
"description": str(uuid.uuid4())[:5]
}]
}
update_resp = send_request(self.METHOD, AOIS_URL, access_token_first,
update_data)
print response_info(update_resp)
assert update_resp.status_code == requests.codes.OK
assert len(update_resp.json()['areas_of_interest']) == len(
update_data['areas_of_interest'])
for data in update_resp.json()['areas_of_interest']:
assert data['id'] in [aoi_1_id, aoi_2_id]
def test_update_domain_aoi_with_empty_description_field(
self, access_token_first, user_first, domain_aois):
"""
Test: Update domain aoi without providing the description field
Expect: 400; description is required
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
aoi_id = domain_aois[0].id
# Update with description field set to None
update_data_1 = {"areas_of_interest": [{"description": None}]}
updated_resp = send_request(self.METHOD, AOI_URL % aoi_id,
access_token_first, update_data_1)
print response_info(updated_resp)
assert updated_resp.status_code == requests.codes.BAD
# Update with description field set to empty string
update_data_2 = {"areas_of_interest": [{"description": ""}]}
updated_resp = send_request(self.METHOD, AOI_URL % aoi_id,
access_token_first, update_data_2)
print response_info(updated_resp)
assert updated_resp.status_code == requests.codes.BAD
# Update with description field set whitespaces
update_data_3 = {"areas_of_interest": [{"description": " "}]}
updated_resp = send_request(self.METHOD, AOI_URL % aoi_id,
access_token_first, update_data_3)
print response_info(updated_resp)
assert updated_resp.status_code == requests.codes.BAD
def test_add_aois_with_empty_description_field(self, access_token_first,
user_first):
"""
Test: Attempt to add area of interest with empty (None or empty string) value for description field
Expect: 400; description field is required
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
# data with description's value set to None
data_1 = dict(areas_of_interest=[dict(description=None)])
resp = send_request(self.METHOD, AOIS_URL, access_token_first, data_1)
print response_info(resp)
assert resp.status_code == requests.codes.BAD
# data with description's value set to an empty string
data_2 = dict(areas_of_interest=[dict(description="")])
resp = send_request(self.METHOD, AOIS_URL, access_token_first, data_2)
print response_info(resp)
assert resp.status_code == requests.codes.BAD
# data with description's value set to whitespaces
data_3 = dict(areas_of_interest=[dict(description=" ")])
resp = send_request(self.METHOD, AOIS_URL, access_token_first, data_3)
print response_info(resp)
assert resp.status_code == requests.codes.BAD
def validate_role(role, request_domain_id, request_user):
"""
This method will validate given role and permissions of the requesting user.
:param int|basestring role: Role Name or ID
:param request_domain_id: Id of the domain in which new user is going to be created
:param request_user: User object of Logged-in user
:return: Role Id
:rtype: int
"""
if is_number(role):
role_object = Role.query.get(int(role))
if role_object:
role_id = role
role_name = role_object.name
else:
raise NotFoundError("Role with id:%s doesn't exist in database" %
role)
else:
role_object = Role.get_by_name(role)
if role_object:
role_id = role_object.id
role_name = role_object.name
else:
raise NotFoundError("Role with name:%s doesn't exist in database" %
role)
if request_user.role.name != 'TALENT_ADMIN' and (
request_domain_id != request_user.domain_id
or role_name == 'TALENT_ADMIN'):
raise UnauthorizedError(
"User %s doesn't have appropriate permissions to assign "
"given role: (%s)" % role_name)
return role_id
def test_add_existing_aoi_to_domain(self, access_token_first, domain_aois,
user_first):
"""
Test: Attempt to an aoi to domain that already exists
Expect: 400
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
# Necessary data for test case
existing_aoi_description = domain_aois[0].name
data = dict(
areas_of_interest=[dict(description=existing_aoi_description)])
create_resp = send_request(self.METHOD, AOIS_URL, access_token_first,
data)
json_resp = create_resp.json()
print response_info(create_resp)
assert create_resp.status_code == requests.codes.BAD
# AOI ID must be provided in error response
assert 'id' in json_resp['error']
existing_aoi_id = json_resp['error']['id']
assert existing_aoi_id == domain_aois[0].id
# Retrieving AOI using the provided ID from the error response should work
get_resp = send_request('get', AOI_URL % existing_aoi_id,
access_token_first)
print response_info(get_resp)
assert get_resp.status_code == requests.codes.OK
assert get_resp.json(
)['area_of_interest']['domain_id'] == domain_aois[0].domain_id
assert get_resp.json(
)['area_of_interest']['description'] == existing_aoi_description
def test_add_custom_fields_without_access_token(self, user_first):
"""
Test: Access end point without an access token
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
resp = send_request('post', self.URL, None, {})
print response_info(resp)
assert resp.status_code == requests.codes.UNAUTHORIZED
def test_add_source_to_domain(self, user_first, access_token_first):
"""
Test: Add a source to domain
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
data = dict(source=dict(description='job fair', notes='recruited initials: ahb'))
create_resp = send_request('post', self.URL, access_token_first, data)
print response_info(create_resp)
assert create_resp.status_code == self.CREATED
assert 'id' in create_resp.json()['source']
def test_get_domain_sources(self, user_first, access_token_first):
"""
Test: Get all domain's sources
"""
# Create some sources
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
number_of_sources_created = random.randrange(2, 8)
for _ in range(number_of_sources_created):
send_request(method='post', url=self.URL, access_token=access_token_first,
data=dict(source=dict(description=str(uuid.uuid4())[:5])))
user_first.role_id = Role.get_by_name('USER').id
db.session.commit()
# Retrieve all sources in user's domain
get_resp = send_request('get', self.URL, access_token_first)
print response_info(get_resp)
assert get_resp.status_code == self.OK
assert isinstance(get_resp.json()['sources'], list)
assert len(get_resp.json()['sources']) == number_of_sources_created
def test_add_custom_fields_with_whitespaced_name(self, access_token_first,
user_first):
"""
Test: Attempt to create a custom field with empty
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
data = {'custom_fields': [{'name': ' '}]}
create_resp = send_request('post', self.URL, access_token_first, data)
print response_info(create_resp)
assert create_resp.status_code == requests.codes.BAD
def test_delete_non_existing_aoi(self, access_token_first, user_first):
"""
Test: Attempt to delete area of interest that doesn't exist
Expect: 404
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
del_resp = send_request(self.METHOD, AOI_URL % MAX_INT,
access_token_first)
print response_info(del_resp)
assert del_resp.status_code == requests.codes.NOT_FOUND
def test_update_non_existing_aoi(self, access_token_first, user_first):
"""
Test: Attempt to update an area of interest that doesn't exist
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
update_data = {'areas_of_interest': [{'description': fake.word()}]}
updated_resp = send_request(self.METHOD, AOI_URL % MAX_INT,
access_token_first, update_data)
print response_info(updated_resp)
assert updated_resp.status_code == requests.codes.NOT_FOUND
def test_add_aois_without_access_token(self, user_first):
"""
Test: access domain aois resource without access token
Expect: 401
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
resp = send_request(method=self.METHOD,
url=AOIS_URL,
access_token=None,
data=None)
print response_info(resp)
assert resp.status_code == requests.codes.UNAUTHORIZED
def test_get_non_existing_custom_field(self, user_first,
access_token_first):
"""
Test: Retrieve custom field using an id that is not recognized
"""
user_first.role_id = Role.get_by_name('USER').id
db.session.commit()
non_existing_cf_id = sys.maxint
get_resp = send_request('get', self.CF_URL % non_existing_cf_id,
access_token_first)
print response_info(get_resp)
assert get_resp.status_code == requests.codes.NOT_FOUND
def test_delete_another_domains_aoi(self, access_token_second, user_second,
domain_aois):
"""
Test: Attempt to delete area of interest of another domain
Expect: 403; no aoi should be deleted
"""
user_second.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
aoi_id = domain_aois[0].id
del_resp = send_request(self.METHOD, AOI_URL % aoi_id,
access_token_second)
print response_info(del_resp)
assert del_resp.status_code == requests.codes.FORBIDDEN
def test_add_duplicate_source_in_same_domain(self, user_first, access_token_first):
"""
Test: Add same source in the same domain
"""
# Create source
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
data = dict(source=dict(description='job fair', notes='recruited initials: ahb'))
send_request('post', self.URL, access_token_first, data)
# Create same source in same domain again
create_resp = send_request('post', self.URL, access_token_first, data)
print response_info(create_resp)
assert create_resp.status_code == self.INVALID
def test_delete_non_existing_custom_field(self, user_first,
access_token_first):
"""
Test: Delete custom field using an ID that is not recognized
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
non_existing_cf_id = sys.maxint
del_resp = send_request('delete', self.CF_URL % non_existing_cf_id,
access_token_first)
print response_info(del_resp)
assert del_resp.status_code == requests.codes.NOT_FOUND
def test_get_custom_field_of_another_domain(self, access_token_second,
domain_custom_fields):
"""
Test: Retrieve custom fields of another domain
"""
user_first.role_id = Role.get_by_name('USER').id
db.session.commit()
custom_field_id = domain_custom_fields[0].id
# Retrieve another domain's custom field
get_resp = send_request('get', self.CF_URL % custom_field_id,
access_token_second)
print response_info(get_resp)
assert get_resp.status_code == requests.codes.FORBIDDEN
def test_add_aois_to_domain(self, access_token_first, user_first):
"""
Test: Add areas of interest to users' domain
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
create_resp = send_request(self.METHOD, AOIS_URL, access_token_first,
DATA)
print response_info(create_resp)
assert create_resp.status_code == requests.codes.CREATED
assert len(create_resp.json()['areas_of_interest']) == len(
DATA['areas_of_interest'])
assert all(
[aoi.get('id') for aoi in create_resp.json()['areas_of_interest']])
def test_add_custom_field_to_domain_with_role_user(self,
access_token_first,
user_first):
"""
Test: Add custom fields to domain with role user
Expect: 401, Unauthorized
"""
user_first.update(role_id=Role.get_by_name('USER').id)
# Create domain custom field
data = {'custom_fields': [{'name': fake.uuid4()}]}
create_resp = send_request('post', self.URL, access_token_first, data)
print response_info(create_resp)
assert create_resp.status_code == requests.codes.UNAUTHORIZED
def test_update_non_existing_custom_field(self, user_first,
access_token_first):
"""
Test: Update custom field using an id that is not recognized
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
non_existing_cf_id = sys.maxint
data = {'custom_field': {'name': str(uuid.uuid4())[:5]}}
update_resp = send_request('put', self.CF_URL % non_existing_cf_id,
access_token_first, data)
print response_info(update_resp)
assert update_resp.status_code == requests.codes.NOT_FOUND
def put(self, **kwargs):
"""
POST /users/<user_id>/roles Add given roles to a user
:return A dictionary containing success message
:rtype: dict
"""
requested_user_id = kwargs.get('user_id')
requested_user = User.query.get(requested_user_id)
if not requested_user:
raise NotFoundError("User with user_id %s doesn't exist" % requested_user_id)
posted_data = request.get_json(silent=True)
if not posted_data or 'role' not in posted_data:
raise InvalidUsage("Request body is empty or not provided")
role = posted_data.get('role', '')
if is_number(role):
role_object = Role.query.get(int(role))
if role_object:
role_id = role
role_name = role_object.name
else:
raise NotFoundError("Role with id:%s doesn't exist in database" % role)
else:
role_object = Role.get_by_name(role)
if role_object:
role_id = role_object.id
role_name = role_object.name
else:
raise NotFoundError("Role with name:%s doesn't exist in database" % role)
user_role_name = request.user.role.name
if (user_role_name == 'DOMAIN_ADMIN' and role_name == 'TALENT_ADMIN') or \
(user_role_name == 'ADMIN' and role_name in ('DOMAIN_ADMIN', 'TALENT_ADMIN')):
raise UnauthorizedError("Logged-in user %s doesn't have appropriate permission to set "
"role of user %s" % (request.user.id, requested_user.id))
if user_role_name != 'TALENT_ADMIN' and request.user.domain_id != requested_user.domain_id:
raise UnauthorizedError("Logged-in user cannot set roles of users of other domains")
requested_user.role_id = role_id
db.session.commit()
return '', 201
def test_delete_custom_field_of_another_domain(self, user_second,
access_token_second,
domain_custom_fields):
"""
Test: Delete custom fields of another domain
"""
user_second.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
custom_field_id = domain_custom_fields[0].id
# Delete another domain's custom field
del_resp = send_request('delete', self.CF_URL % custom_field_id,
access_token_second)
print response_info(del_resp)
assert del_resp.status_code == requests.codes.FORBIDDEN
def test_add_duplicate_custom_fields_to_domain(self, access_token_first,
user_first):
"""
Test: Add identical custom fields to the same domain
Expect: 201, but only one should be created
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
name = str(uuid.uuid4())[:5]
data = {'custom_fields': [{'name': name}, {'name': name}]}
# Create domain custom fields
create_resp = send_request('post', self.URL, access_token_first, data)
print response_info(create_resp)
assert create_resp.status_code == requests.codes.BAD
def test_get_domains_custom_fields(self, access_token_first, user_first,
domain_custom_fields):
"""
Test: Retrieve domain custom fields
"""
user_first.role_id = Role.get_by_name('USER').id
db.session.commit()
# Retrieve all of domain's custom fields
get_resp = send_request('get', self.CFS_URL, access_token_first)
print response_info(get_resp)
assert get_resp.status_code == requests.codes.OK
assert len(
get_resp.json()['custom_fields']) == len(domain_custom_fields)
assert set([cf['id'] for cf in get_resp.json()['custom_fields']
]).issubset([cf.id for cf in domain_custom_fields])
def test_delete_custom_field_by_id(self, user_first, access_token_first,
domain_custom_fields):
"""
Test: Delete domain custom field by ID
"""
user_first.role_id = Role.get_by_name('DOMAIN_ADMIN').id
db.session.commit()
custom_field_id = domain_custom_fields[0].id
# Delete custom field by id
del_resp = send_request('delete', self.CF_URL % custom_field_id,
access_token_first)
print response_info(del_resp)
assert del_resp.status_code == requests.codes.OK
assert del_resp.json()['custom_field']['id'] == custom_field_id
def test_get_source(self, user_first, access_token_first):
"""
Test: Get a source from user's domain by providing source's ID
"""
# Create source
user_first.role_id = Role.get_by_name('TALENT_ADMIN').id
db.session.commit()
data = dict(source=dict(description='job fair', notes='recruited initials: ahb'))
create_resp = send_request('post', self.URL, access_token_first, data)
# Retrieve source
source_id = create_resp.json()['source']['id']
get_resp = send_request('get', self.URL_PLUS_ID % source_id, access_token_first)
print response_info(get_resp)
assert get_resp.status_code == self.OK
assert isinstance(get_resp.json()['source'], dict)
def add_roles():
""" Function will associated each user with every Permission except delete-roles """
print "running: add_roles()"
permission_names = get_permissions()
permissions_not_allowed_for_roles = dict()
permissions_not_allowed_for_roles['TALENT_ADMIN'] = []
permissions_not_allowed_for_roles['DOMAIN_ADMIN'] = [
Permission.PermissionNames.CAN_IMPERSONATE_USERS,
Permission.PermissionNames.CAN_DELETE_DOMAINS,
Permission.PermissionNames.CAN_ADD_DOMAINS
]
permissions_not_allowed_for_roles[
'ADMIN'] = permissions_not_allowed_for_roles['DOMAIN_ADMIN'] + [
Permission.PermissionNames.CAN_EDIT_DOMAINS,
Permission.PermissionNames.CAN_ADD_TALENT_POOLS,
Permission.PermissionNames.CAN_ADD_DOMAIN_GROUPS,
Permission.PermissionNames.CAN_DELETE_DOMAIN_GROUPS,
Permission.PermissionNames.CAN_EDIT_DOMAIN_GROUPS,
Permission.PermissionNames.CAN_GET_DOMAIN_GROUPS,
Permission.PermissionNames.CAN_DELETE_TALENT_POOLS,
Permission.PermissionNames.CAN_EDIT_USER_ROLE
]
permissions_not_allowed_for_roles[
'USER'] = permissions_not_allowed_for_roles['ADMIN'] + [
Permission.PermissionNames.CAN_EDIT_TALENT_POOLS,
Permission.PermissionNames.CAN_ADD_WIDGETS,
Permission.PermissionNames.CAN_EDIT_WIDGETS,
Permission.PermissionNames.CAN_DELETE_WIDGETS,
Permission.PermissionNames.CAN_DELETE_USERS,
Permission.PermissionNames.CAN_ADD_USERS,
Permission.PermissionNames.CAN_DELETE_CANDIDATES
]
role_names = permissions_not_allowed_for_roles.keys()
for role_name in role_names:
role_id = Role.save(role_name)
for permission_name in permission_names:
if permission_name not in permissions_not_allowed_for_roles[
role_name]:
db.session.add(
PermissionsOfRole(role_id=role_id,
permission_id=Permission.get_by_name(
permission_name).id))
db.session.commit()